Cryptographic Attacks

Whether the algorithms and methods are known or not, all types of cryptography are subject to attacks. The plaintext can be revealed, or the key used can be discovered. Depending on what information is available to the attacker and the circumstances involved, a particular type of attack may be more or less effective.

Brute Force

For symmetric key algorithms used to encrypt streams or blocks of data, if the key is not changed at intervals, or the key is short, a search of all possible keys in the key space can be used to decrypt intercepted communications. This type of attack is very time- and CPU-intensive compared to other attacks. For certain key space sizes, the time it would take to find the desired key could be so long that the attempt is entirely impractical. Biased key selections, improper implementations of algorithms, faulty key creation routines, and poor initial or random seed values can all reduce the effective key space and make brute force key searches practical. Also, as CPU power increases and parallel processing solutions become more affordable and simpler to orchestrate, brute force cracking of a key that was "impossible" to find a few years ago is quite attainable now.

Exercise 6.01 using L0phtCrack can be run as a brute force attack by removing the reference to a dictionary file from the command line. The LANMAN and NT password hash algorithms are commonly subjected to brute force attacks.
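The reduced effective key space described above can be shown with a short sketch. This is an added example, not code from the study guide: the key routine `weak_keygen`, the 16-bit seed, the toy SHA-256 stream cipher, and the sample message are all assumptions chosen so the search finishes in about a second.

```python
import hashlib
import random

SEED_BITS = 16  # assumption: the faulty routine seeds its generator with a 16-bit value

def weak_keygen(seed: int) -> bytes:
    """Faulty key creation: a 128-bit key fully determined by a 16-bit seed."""
    return random.Random(seed).getrandbits(128).to_bytes(16, "big")

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), standing in for a real cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def search_seed_space(ciphertext: bytes, known_prefix: bytes):
    """Try every seed; return (seed, key, tries) once a decryption starts with known_prefix."""
    head = ciphertext[:len(known_prefix)]
    for tries, seed in enumerate(range(2 ** SEED_BITS), start=1):
        key = weak_keygen(seed)
        if keystream_xor(key, head) == known_prefix:
            return seed, key, tries
    return None

def demo():
    # Constructed sample: a message with a predictable header, key made from seed 40321.
    message = b"Subject: quarterly figures\nBody: 1,204 units shipped"
    ciphertext = keystream_xor(weak_keygen(40321), message)
    seed, key, tries = search_seed_space(ciphertext, b"Subject: ")
    # The key is nominally 128 bits long but only SEED_BITS of it are unpredictable.
    return seed, tries, keystream_xor(key, ciphertext) == message, 128 - SEED_BITS

if __name__ == "__main__":
    seed, tries, recovered, lost_bits = demo()
    print(f"seed {seed} found after {tries} of {2 ** SEED_BITS} tries; "
          f"recovered={recovered}; key is {lost_bits} bits weaker than its length suggests")
```

The key length alone says nothing about search cost; what matters is how many distinct keys the generation routine can actually produce.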

Ciphertext-only Attack

A ciphertext-only attack involves capturing samples of ciphertext and analyzing them to determine the key. This type of attack relies on the statistical repetition of some patterns in the plaintext being visible or discernible in the ciphertext. For example, if the encrypted data utilizes a block cipher in ECB mode, repeated plaintext data will be discernible in the ciphertext.

Known Plaintext Attack

In some cases, it may be possible for the attacker to determine what plaintext was encrypted and sent (for example, a message containing only the word yes or no with a standard message header, subject, or footer). In such cases, the key can be "reverse-engineered" by comparative analysis of the ciphertext with the plaintext. The use of multiple rounds of encryption in DES and 3DES provides some resistance to this attack, although if a small number of encryption rounds (<16) is used, such an attack will be much more effective than a brute force exhaustive key search.

Chosen Plaintext Attack

A chosen plaintext attack involves encrypting known plaintext messages, then analyzing and comparing the resulting ciphertext to search for the key. This attack is conditional upon the ability to present various plaintexts to the encryption engine. This sort of attack would likely be difficult to engineer in many cases, but is still dangerous and notable.

Such an attack might be used against a black-box type of device, where the attacker can control the input and capture the output. The attacker might feed in data such as "The quick brown fox jumped over the lazy dog" and mathematically compare this and other input with the output, which might be "Uifrvjdlcspxogpykvoqfepwdsuidmbazeph."

Man-in-the-Middle Attack

As an example of a man-in-the-middle (MITM) attack, consider that someone called Al is performing a standard Diffie-Hellman key exchange with Charlie for the very first time, while Beth is in a position such that all traffic between Al and Charlie passes through her network segment. Assuming Beth does not interfere with the key exchange, she will not be able to read any of the messages passed between Al and Charlie, because she will be unable to decrypt them. However, suppose Beth intercepts the transmissions of Al's and Charlie's public keys and responds to them using her own public key. Al will think that Beth's public key is actually Charlie's public key, and Charlie will think that Beth's public key is actually Al's public key.

When Al transmits a message to Charlie, he will encrypt it using Beth's public key. Beth will intercept the message and decrypt it using her private key. Once Beth has read the message, she encrypts it again using Charlie's public key and transmits the message on to Charlie. She may even modify the message contents if she so desires. Charlie then receives Beth's modified message, believing it to come from Al. He replies to Al and encrypts the message using Beth's public key. Beth again intercepts the message, decrypts it with her private key, and modifies it. Then she encrypts the new message with Al's public key and sends it on to Al, who receives it and believes it to be from Charlie.

Clearly, this type of communication is undesirable because a third party not only has access to confidential information, but can also modify it at will. In this type of attack, no encryption is broken because Beth does not know either Al's or Charlie's private key, so the Diffie-Hellman algorithm is not really at fault. Beware of the key exchange mechanism used by any public key encryption system. If the key exchange protocol does not authenticate at least one and preferably both sides of the connection, it may be vulnerable to MITM-type attacks. Authentication systems generally use some form of digital certificates (usually X.509), such as those available from Thawte or VeriSign.
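The exchange between Al, Charlie, and Beth can be modeled to show why authenticating the public values closes the gap. This is an added example, not code from the study guide: the 127-bit prime group, the private values, and the `fingerprint` check (standing in for the identity binding a certificate provides) are assumptions, and the sketch models the Diffie-Hellman session keys rather than message encryption.

```python
import hashlib

# Toy group (assumption): 2**127 - 1 is prime but far too small for real use.
P, G = 2**127 - 1, 3

def public_value(private: int) -> int:
    return pow(G, private, P)

def session_key(private: int, peer_public: int) -> bytes:
    """Derive a symmetric key from the Diffie-Hellman shared secret."""
    return hashlib.sha256(pow(peer_public, private, P).to_bytes(16, "big")).digest()

def fingerprint(public: int) -> str:
    """Short digest of a public value, as a certificate would bind to an identity."""
    return hashlib.sha256(public.to_bytes(16, "big")).hexdigest()[:16]

def run_exchange(intercepted: bool) -> dict:
    # Constructed private values; real ones come from a cryptographic random source.
    al, charlie, beth = 0x1A2B3C4D5E6F, 0x0F1E2D3C4B5A, 0x123456789ABD
    al_pub, charlie_pub, beth_pub = map(public_value, (al, charlie, beth))

    # What each endpoint actually receives off the wire.
    seen_by_al = beth_pub if intercepted else charlie_pub
    seen_by_charlie = beth_pub if intercepted else al_pub

    al_key = session_key(al, seen_by_al)
    charlie_key = session_key(charlie, seen_by_charlie)
    return {
        # The endpoints hold the same key only if no value was substituted.
        "endpoints_share_key": al_key == charlie_key,
        # Beth can derive both session keys only if both sides used her value.
        "beth_can_read": (session_key(beth, al_pub) == al_key
                          and session_key(beth, charlie_pub) == charlie_key),
        # Authentication: Al compares what arrived with Charlie's fingerprint,
        # assumed to have been obtained over a trusted channel beforehand.
        "al_accepts_peer": fingerprint(seen_by_al) == fingerprint(charlie_pub),
    }

if __name__ == "__main__":
    for intercepted in (False, True):
        print("intercepted" if intercepted else "honest", run_exchange(intercepted))
```

Without the fingerprint comparison, neither endpoint has any signal that the keys differ; with it, Al rejects the substituted value before any message is encrypted.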

Exam Warning 

Be sure to know what sort of attacks might or might not be applicable for particular encryption methods in the real world.



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
EAN: 2147483647
Year: 2003
Pages: 135
